Share this
Cybersecurity in Shared Co-Working Offices
by Frank Ahan on Jan 10, 2023 12:00:00 AM
Coworking offices have been growing in popularity, making news headlines, and getting featured in TV shows, even before the pandemic. However the pandemic, and the post-pandemic fallout, has really been an impetus for businesses of all sizes to adopt the use of coworking offices. From five- to ten-year locked-in leases with static square footage, to no-commitment short term leases from three months to 2 years—the coworking option has made the most sense for many businesses.
Challenges of Co-working
A new set of cybersecurity risks and challenges were introduced by organizations moving from a traditional single-company office to a shared office.
In a shared coworking space organizations are sharing with up to a hundred different companies. They are often sharing the same spaces, networks, and devices.
On top of that, to provide a modern clean and welcoming aesthetic many of the spaces are designed with lots of glass and openings to allow for natural light to pass through.
Coworking Risks (and Recommendations)
Physical Security of Shared Offices
Being that the coworking operators control the physical access to the offices, organizations using the space have little-to-no control over it.
There may be people in the offices who were not fully vetted: A guest for the day, a vendor, or even a malicious actor waiting to seize an opportunity to either grab devices or access unguarded ones and launch a threat via USB device.
When looking for a coworking office, determine if the building itself has a good access policy, such as front desk guards and keycard access to the floors on elevators.
Once in the shared offices, make it a policy to issue keys or cards to each employee and keep the offices that the organization uses locked at all times. If the operator allows, it is recommended to frost the glass of offices to prevent screens from being seen from the outside.
Network Security in Coworking Spaces
Internet and Network services provided by coworking operators vary—from just an ISP hook up, all the way to a personalized VLAN and Vanity SSIDs.
Many offices provide free wireless internet with a single password shared by everyone. This perk is actually a huge risk for an organization using coworking offices. Again, having non-vetted users or devices on the same network as the organization’s can lead to many vulnerabilities and risks. Packet sniffing, eavesdropping, network vulnerability scans, and brute force attacks on workstations are a few ways shared wired and wireless networks can expose the organization to unnecessary risks.
When selecting a coworking operator, an organization should check the different network and internet offerings. A segregated VLAN, wireless network that offers 802.1x protocols, and dedicated bandwidth are things that should be sought out when engaging a coworking office. On top of that, a mix use of firewall, VPN, and DNS service is incredibly important in a coworking environment.
Employee Device Security
Devices are at a huge risk in a shared office environment.
Employee device security should always be a top priority, but even more so when coworking offices are used. Common security threats include devices being stolen from common work areas, USB dongles attached to a device and payloads executed when an employee leaves their desk unattended, or even a stranger brazenly sitting down on a random device and installing a remote access application.
Device policies should be enforced, such as: Never leave a device unattended in a common open workspace, and devices should be password protected with auto screensavers that come up after a short interval of inactivity.
Employees should also be trained to keep an eye out for shoulder surfing, and be sure to keep monitor screens facing away from the hallways. Only approved wireless networks should be used by employees—never the public ones offered.
If common printers are offered, it is also recommended to not allow any confidential information to be printed at these devices. Instead, invest in a printer that can be used within the organization’s sole physical control.
Adapting to the World of Co-working
As IT and Cybersecurity professionals, we need to be able to adjust and adapt according to business needs. With many organizations moving daily operations to coworking and shared offices, it is up to us to make sure networks and devices are secure.
These environments offer many new challenges and risks, but there are solutions and best practices for that—all that needs to be done is to implement them.
Share this
Categories
- Featured (265)
- Protective DNS (22)
- IT (15)
- IndyCar (9)
- Content Filtering (8)
- Cybersecurity Brief (7)
- IT Challenges (7)
- Public Wi-Fi (7)
- AI (6)
- Deep Dive (6)
- Malware (4)
- Roaming Client (4)
- Team (4)
- Compare (3)
- MSP (3)
- Phishing (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
Earlier this month I joined Mikey Pruitt, our Global Partner Evangelist, on the DNSFilter podcast dnsUNFILTERED to discuss my 2025 cybersecurity predictions. We had a lot of fun and covered all of the points I’ll outline here, but I wanted to go deeper. My 30 years of cybersecurity experience have given me a strong sense of where we’re heading as an industry—the shift to the cloud in many ways is a precursor in the adoption of AI and the future...
Most businesses only think about DNS security after an attack has already occurred. By then, the damage is done - downtime, lost revenue, compromised data, and a tarnished reputation. In an environment where cyber threats are constantly evolving, a reactive approach to DNS security simply isn’t enough.
Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...